Before you send a complaint to Ripe, you should know that they are the Internet governing body for Europe - (Réseaux IP Européens). Check with http://www.ripe.net/perl/whois and you'll find that the IP range actually is assigned to: route: 130.120.0.0/16 descr: RENATER descr: Universite Pierre et Marie Curie descr: 4 place Jussieu 75252 PARIS CEDEX 05 descr: FRANCE origin: AS2200 mnt-by: RENATER-MNT changed: RenSVP@xxxxxxxxxx 19991008 source: RIPE person: Dominique Incerti address: Centre Interuniversitaire de Calcul de Toulouse address: 118, route de Narbonne address: F-31062 Toulouse CEDEX, France e-mail: incerti@xxxxxxx phone: +33 5 61 36 60 12 fax-no: +33 5 61 52 14 58 nic-hdl: DI10-RIPE mnt-by: RENATER-MNT changed: rensvp@xxxxxxxxxx 19961125 changed: rensvp@xxxxxxxxxx 20030326 source: RIPE So it's probably some script kiddie with a French accent..... and incerti@xxxxxxx may well be interested in knowing that they have been rattling your doorknob Dave Gavin Thomas Sapp said: > Honestly, I would forward the logfile that you got that from, with > non-pertinent info removed of course, to abuse@xxxxxxxxx The reason I > say this is because of the following information: > > 130.120.81.14 Record Type: IP Address > > OrgName: RIPE Network Coordination Centre > OrgID: RIPE > Address: Singel 258 > Address: 1016 AB > City: Amsterdam > StateProv: > PostalCode: > Country: NL > > ReferralServer: whois://whois.ripe.net:43 > > NetRange: 130.120.0.0 - 130.120.255.255 > CIDR: 130.120.0.0/16 > NetName: RIPE-ERX-130-120-0-0 > NetHandle: NET-130-120-0-0-1 > Parent: NET-130-0-0-0-0 > NetType: Early Registrations, Transferred to RIPE NCC > Comment: These addresses have been further assigned to users in > Comment: the RIPE NCC region. Contact information can be found in > Comment: the RIPE database at http://www.ripe.net/whois > RegDate: 2003-11-12 > Updated: 2004-03-02 > > Which I obtained from a whois query. No guarantee that anything will > become of the report but it's always better to be safe than sorry. > > On Sat, 2004-07-17 at 12:40, Jonathan T. Steadman wrote: >> Sorry this is yet another lame question, but I am new to hosting web >> server ect. just kinda experimenting actually and in my logs i came >> across some garbage (its at the bottom of this email) what do you do >> about this? Just let it be? inform ISP? wait and see if it is more >> continuous? dont know the proper thing to do i guess just making sure >> with you guys. >> >> Jul 17 14:42:24 localhost sshd[6746]: Illegal user test from >> 130.120.81.14 >> Jul 17 14:42:26 localhost sshd[6746]: Failed password for illegal user >> test from 130.120.81.14 port 48692 ssh2 >> Jul 17 14:42:27 localhost sshd[6748]: Illegal user guest from >> 130.120.81.14 >> Jul 17 14:42:30 localhost sshd[6748]: Failed password for illegal user >> guest from 130.120.81.14 port 48753 ssh2 >> Jul 17 14:42:31 localhost sshd[6750]: Illegal user admin from >> 130.120.81.14 >> Jul 17 14:42:33 localhost sshd[6750]: Failed password for illegal user >> admin from 130.120.81.14 port 48807 ssh2 >> Jul 17 14:42:34 localhost sshd[6752]: Illegal user admin from >> 130.120.81.14 >> Jul 17 14:42:37 localhost sshd[6752]: Failed password for illegal user >> admin from 130.120.81.14 port 48849 ssh2 >> Jul 17 14:42:38 localhost sshd[6754]: Illegal user user from >> 130.120.81.14 >> Jul 17 14:42:40 localhost sshd[6754]: Failed password for illegal user >> user from 130.120.81.14 port 48879 ssh2 >> Jul 17 14:42:43 localhost sshd[6756]: Failed password for root from >> 130.120.81.14 port 48900 ssh2 >> Jul 17 14:42:47 localhost sshd[6758]: Failed password for root from >> 130.120.81.14 port 48913 ssh2 >> Jul 17 14:42:50 localhost sshd[6760]: Failed password for root from >> 130.120.81.14 port 48924 ssh2 >> Jul 17 14:42:51 localhost sshd[6762]: Illegal user test from >> 130.120.81.14 >> Jul 17 14:42:54 localhost sshd[6762]: Failed password for illegal user >> test from 130.120.81.14 port 48931 ssh2 > -- > Thanks, > Tom Sapp > http://www.sappsworld.com > > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list >
